However, the more elegant way is to host your own (company-wide) package repository and include that one via an APT sources *.list instead. Here we're (knowingly) skipping any signature verification for foobar.